Greenguy's Board - View Single Post - Protecting the video

ClickBuster · 2005-01-04, 02:51 PM

OK guys, here's the deal. I created a small PHP script called view.php, which I setup in the home dir of the free site.

Site URL:
http://free-gaysites.com/a_cock_sucking_fiesta/porn/

view.php URL:
http://free-gaysites.com/a_cock_suck.../porn/view.php

Here you can find an example of the script in aciton:
http://free-gaysites.com/a_cock_suck..._movies_8.html

It's applied only to the last 6th movie.

I put my movies in 3 dirs:
/images/movies_1
/images/movies_2
/images/movies_3

In the script I configure the home dir of the movies in relation to view.php:

PHP Code:


			
  $movies_path = "images/";

I load a file using the view.php with the $file variable pointing to the movie file:

http://free-gaysites.com/a_cock_suck...06_wmv_med.wmv

Now, this will download the file in the browser AND will allow even opening from the browser in Media Player or similiar application. But if you try to download everything thru a download manage (I used Flash Get, which supports cookies) you will end in endless loop that won't ever download the file. Here's the actual code of the view.php script:

PHP Code:


			
<?php

    // Home directory

    // It's important that the video file is protected as it's full path is a combination of the 

    // $movies_path and $file variables, otherwise the PHP script can be hacked

    // and allow people to read files they should have access to - password files, configuration 

    //files/scripts, etc.

  

    $movies_path = "images/"; 

  

    if ( !isset($_COOKIE[get_movie]  )) {

        setcookie("get_movie", 1);

        header("Location: view.php?file=$file");

        exit;

    }

  

    $file = $movies_path.$file;

    

    if ( is_file ( $file ) && isset($_COOKIE[get_movie]) ){

        header("Content-type: application/octet-stream");

        header("Content-Length: ".filesize($file));

        header("Content-Disposition: attachment; filename=$file");

        header("Content-transfer-encoding: none\n");

        readfile($file);

    } else {

        echo "Error 404: file not found";

    }

?>

Now the last thing to do is to protect your movies from beeing downloaded directly. Just a simple .htaccess file in the dir of the files containing the following line:

Deny from all

That will won't allow direct downloads, by just entereing the URL in the browser address bar:

http://free-gaysites.com/a_cock_suck...06_wmv_med.wmv

will return Error 403: Access denied (currently I don't have .htaccess setup)

2005-01-04, 02:51 PM	#1
ClickBuster I'm normally not a praying man, but if you're up there, please save me Superman! Join Date: Dec 2004 Location: Bulgaria Posts: 476	Protecting the video - EXAMPLE OK guys, here's the deal. I created a small PHP script called view.php, which I setup in the home dir of the free site. Site URL: http://free-gaysites.com/a_cock_sucking_fiesta/porn/ view.php URL: http://free-gaysites.com/a_cock_suck.../porn/view.php Here you can find an example of the script in aciton: http://free-gaysites.com/a_cock_suck..._movies_8.html It's applied only to the last 6th movie. I put my movies in 3 dirs: /images/movies_1 /images/movies_2 /images/movies_3 In the script I configure the home dir of the movies in relation to view.php: PHP Code: `$movies_path = "images/";` I load a file using the view.php with the $file variable pointing to the movie file: http://free-gaysites.com/a_cock_suck...06_wmv_med.wmv Now, this will download the file in the browser AND will allow even opening from the browser in Media Player or similiar application. But if you try to download everything thru a download manage (I used Flash Get, which supports cookies) you will end in endless loop that won't ever download the file. Here's the actual code of the view.php script: PHP Code: <?php // Home directory // It's important that the video file is protected as it's full path is a combination of the // $movies_path and $file variables, otherwise the PHP script can be hacked // and allow people to read files they should have access to - password files, configuration //files/scripts, etc. $movies_path = "images/"; if ( !isset($_COOKIE[get_movie] )) { setcookie("get_movie", 1); header("Location: view.php?file=$file"); exit; } $file = $movies_path.$file; if ( is_file ( $file ) && isset($_COOKIE[get_movie]) ){ header("Content-type: application/octet-stream"); header("Content-Length: ".filesize($file)); header("Content-Disposition: attachment; filename=$file"); header("Content-transfer-encoding: none\n"); readfile($file); } else { echo "Error 404: file not found"; } ?> Now the last thing to do is to protect your movies from beeing downloaded directly. Just a simple .htaccess file in the dir of the files containing the following line: Deny from all That will won't allow direct downloads, by just entereing the URL in the browser address bar: http://free-gaysites.com/a_cock_suck...06_wmv_med.wmv will return Error 403: Access denied (currently I don't have .htaccess setup) __________________ The tendency is to push it as far as you can -- Fear and Loathing In Las Vegas